When using Speedify to avoid Starlink outages, the approach is effective except for certain sites, particularly TV streamers. These sites dislike the Internet Service Provider (ISP) or ISPs that the Speedify VPN transits. Consequently, these streamers and other sites, such as Etsy, block traffic that originates from the Speedify source address.
To address this issue, create a separate VLAN and corresponding Wi-Fi network that specifically utilizes the Starlink gateway, bypassing Speedify. TVs can connect to this dedicated Wi-Fi network to avoid Speedify blocks, and other devices can switch to this network as needed to circumvent the blocks.
SmoothWAN (OpenWRT) is running on a dedicated Single Board Computer (SBC) with multiple GigE Ethernet ports and an onboard cellular modem.
- Starlink satellite internet (eth0)
- AT&T Cellular (wwan0)
- Ethernet ports eth1 to eth3 are bridged (br-lan)
| VLAN | Device | Type | SSID | IP Block | Gateway | Other Notes |
|---|---|---|---|---|---|---|
| VLAN1 | br-lan.1 | Native | XXXX | 10.2.10.0/24 | Speedify | Starlink is a backup for Speedify bypasses |
| VLAN2 | br-lan.2 | Tagged | XXXX-SLINK | 10.2.11.0/24 | Starlink | |
| VLAN3 | br-lan.3 | Tagged | n/a | 10.2.12.0/24 | AT&T Cellular | Not activated, used for testing during initial setup |
| Interface | Type | Device | Connected | Protocol | Other |
|---|---|---|---|---|---|
| LAN | Software VLAN | br-lan.1 | yes | Static address | |
| LAN2 | Software VLAN | br-lan.2 | yes | Static address | |
| LAN3 | Software VLAN | br-lan.3 | no | Static address | |
| STARLINK | Ethernet Adapter | eth0 | yes | DHCP client | |
| STARLINK6 | Ethernet Adapter | eth0 | yes | DHCPv6 client | Not started on boot |
| WAN | Ethernet Adapter | connectify0 | yes | Static address | Speedify Interface |
| WAN6 | Ethernet Adapter | connectify0 | yes | DHCPv6 client | Speedify v6 Interface |
| WWAN | Ethernet Adapter | wwan0 | yes | QMI Cellular | AT&T Mobile |
| WWAN_4 | Ethernet Adapter | wwan0 | yes | Virtual dynamic interface (DHCP client) |
- In
Network -> Interfaces -> STARLINK:Advanced: PickBYP1 (101)in theOverride IPv4 routing tableoption. - In
Network -> Routing -> IPV4 Rules: Add the following:
| General Settings | |
|---|---|
| Priority | 30000 |
| Rule type | unicast |
| Incoming interface | LAN2 |
| Source | 10.2.11.0/24 |
| Outgoing interface | unspecified |
| Destination | 0.0.0.0/0 |
| Table | BYP1 (101) |
and:
| Advanced Settings | |
|---|---|
| Jump to rule | 80000 |
| Firewall mark | 0x1/0xf |
| Type of service | 10 |
| User identifier | 1000-1005 |
| Prefix suppressor | 24 |
| Invert match | unset |
- At this point, the Default routing table gets updated from:
root@SmoothWAN:~# ip route
0.0.0.0/1 dev connectify0 scope link
default via 10.202.0.1 dev connectify0 proto static
default via 100.zz.0.1 dev eth0 proto static src 100.aa.bb.38 metric 10
default via 100.xx.yy.30 dev wwan0 proto static src 100.cc.dd.29 metric 20
10.2.10.0/24 dev br-lan.1 proto kernel scope link src 10.2.10.1
10.2.11.0/24 dev br-lan.2 proto kernel scope link src 10.2.11.1
10.202.0.0/24 dev connectify0 proto kernel scope link src 10.202.0.2
100.xx.yy.28/30 dev wwan0 proto static scope link metric 20
123.123.123.123 via 10.202.0.1 dev connectify0
128.0.0.0/1 dev connectify0 scope link
to:
root@SmoothWAN:~# ip route
0.0.0.0/1 dev connectify0 scope link
default via 10.202.0.1 dev connectify0 proto static
default via 100.xx.yy.30 dev wwan0 proto static src 100.cc.dd.29 metric 20
10.2.10.0/24 dev br-lan.1 proto kernel scope link src 10.2.10.1
10.2.11.0/24 dev br-lan.2 proto kernel scope link src 10.2.11.1
10.202.0.0/24 dev connectify0 proto kernel scope link src 10.202.0.2
100.xx.yy.28/30 dev wwan0 proto static scope link metric 20
123.123.123.123 via 10.202.0.1 dev connectify0
128.0.0.0/1 dev connectify0 scope link
Namely, the route via eth0 disappears. This is problematic because the traffic that Speedify bypasses gets sent via the next highest priority route in the default table, which is now via wwan0 or the slower (more expensive) AT&T Mobile link.
The BYP1 routing table looks like this:
root@SmoothWAN:~# ip route show table BYP1
default via 100.zz.0.1 dev eth0 proto static src 100.aa.bb.38 metric 10
a.b.c.d dev eth0 proto static scope link src 100.cc.dd.38 metric 10
100.nn.0.0/10 dev eth0 proto static scope link metric 10
192.168.mm.1 dev eth0 proto static scope link src 100.cc.dd.38 metric 10
To solve this problem, install the following cron (System -> Scheduled Tasks) to run fairly often, at least as often as the (eth0) interface gets new DHCP addresses, and often enough that this will run fairly quickly after a reboot. I chose 1-hour intervals at the top of the hour.
0 * * * * ip route list table BYP1 | grep default | xargs ip route add
What this does is it pulls the default route details from the BYP1 table and adds those to the default table, restoring the route table to the way it was before setting up the VLAN bypass.